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Description 

Title of Invention 

^y\± AiBj# A^ oj# elE|B||0| 

± A|^gj §1 zi ^{User authentication 
interface system for unix server and thereof 
method} 



Yong-Rok Heo 



Tae-Jin Moon 
KR 



The user authentication interface system for the UNIX server 
and method. 



In the user authentication interface system for UNIX server, 
as to the user authentication interface system for the UNIX 
server, the administrator interface module is prepared between 
the identification transforming module: identification 
transport module: authentication result process module: 
authentication method administration module: server 
configuration management module: managing the 
configuration of each UNIX server and authentication method 
administration module, and server managing module manages 
the authentication method according to each user transmits the 
authenticated result from the UNIX server to user delivers the 
transformed identification as described above to the UNIX 
server converts the identification of account receive module: 
identification receive module: the inputted user as described^ 
above into the UNIX format the identification of user is input 
the user account of user is input. 

The user authentication interface system which according to 
the present invention, executives as proxy for all 
authentication procedures between user and UNIX server like 
this is added. In that way it can be more convenient and the 
user account administration can be efficiently managed. And 
the various user authentication method can be added. The user 
authentication interface system has the advantage of 
intensifying the security according to that. 



The user authentication interface system for the UNIX server 
and method [User authentication interface system for unix 
server and thereof method]. 
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Figure 1 is a schematic diagram showing the process of being 
the user log of the conventional UNIX server. 



Figure 2 is an internal structure diagram of the user 
authentication interface system for the UNIX server according 
to the present invention. 



Figure 3 is a schematic diagram of the user authorization 
process by the user authentication interface system for the 
UNIX server according to the present invention. 



Figure 4 is a drawing showing each execution single step 
signal input output relation at the user authorization process 
by the user authentication interface system for the UNIX 
server. 



The description E of the denotation about the main part of 6 
drawing. 



101. .user 102. UNIX server. 



201.. user 20 1 . UNIX server. 



203. . user authentication interface system. 



204. . interface subsystem 204a. account receive module. 



204b. . identification receive module 204c. identification 
transforming module. 



204d. . identification transport module 204e. authentication 
result process module. 



205. . administrator subsystem 205a. authentication method 
administration module. 
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205b. . server configuration management module 205c. 
administrator interface module. 



The present invention relates to the user authentication 
interface system for the UNIX (unix) server (sever), 
particularly, to the user authentication interface system for the 
UNIX server putting the certificate server executiving as 
proxy for all authentication procedures between user and 
UNIX server and provides the various authentication method, 
and it unifies the user account administration, convenient and 
manages the user account. And method. 



In the computer is past, it independently existed and the task 
of individual was helped and the work efficiency was 
improved. The convenience in transaction was provided. But 
generally as to computer, as to today, the different part was 
together connected to the rapid power generation of the 
communications technology and computer and computer, was 
used. And the information and resources were shared ' 
according to that. Task was joined in. And task was possible. 
Accordingly, the effect value as to computer, is any more 
independently decreased. The significance of the networking 
which respects to share the resources and do and connects the 
different computer is important. 



In the meantime, in order that the program of computer is 
performed and the resources is managed, the software called 
the operating system is needed in order to materially control 
computer. Thus, different kinds operating systems were made. 
Whereas it has operating systems which are suitable for the 
personal computer, it has operating systems which are 
suitable for the mainframe like the server computer, which is 
the subject which the network provides the service. Among 
the operating system of such mainframe, UNIX provides the 
stable skill. The network function which is powerful than 
especially, the a operating system is provided and the skill is 
used in many network as the network operating system. 
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The user the feature of UNIX as the network operating system 
can use only when doing with the log-in (log in). It is the 
multiuser function, which at the same time, is caused by with 
log and in which the different man can use one computer the 
multiple job operation function, at the same time, of executing 
moreover, the different program the resource sharing function 
etc. Can share data and resources in case user wants. 



In the meantime, the new technology everyday appeared. 
Numerous network appeared. As the users increased, the 
technology emerged as these administrations, moreover, 
critical matter. Moreover, as to the administration about this 
users, when it is with log, the arbitrary user the problem of the 
user authentication making possible to any kind of user in the 
network is the critical matter in a network in connection with 
the security problem. 



Figure 1 is a command work flow chart of the process of 
being the user log of the conventional UNIX server. 



Referring to Figure 1 , it is comprised of the user 
authentication system, for the conventional UNIX server is 
the user (101), and the UNIX server (102). The UNIX server 
(102) is with the user (101) is log. 



Firstly, the c in which the user (101) asks for connection as 
the UNIX server (102) in order to be with log (step SI). And 
then, in order to confirm the use authentication registered by 
the user account which oneself has, the UNIX server (102) 
demands the user account from the user (101) (step S2). 
Thereafter, if the user (101) account is inputted (step S3), the 
UNIX server (102) demands password from the user (101) 
(step S4). Thus, if the user (101) inputs password as many 
(step S5), it confirms whether password fits in the UNIX 
server (102). The user authentication is performed registered 
user. The session according to that is set up and the result is 
transmitted to the user (101) (step S6). 



Machine translated in Korea by Korea Institute of Patent Information. Formatted in Tsukuba, Japan by Paterra, Inc. 



K2E-PAT Page 6 



[0022] 

oi a^ n%n[ bigjmasi ^9.^ 

tHcHI AH A|-gX|- 7i|S# ccf^ fifaloPI fllS 
oil, ui|eo, a7h a^x^F &o r I!^ 

^ 3*11*12! A|~g-X|- ^£|7 r CH3jflX| 

Technical Challenges of Invention 
[0023] 

Sf\t[0\ 1A°^M 9 #Bflo| Ar #X r oj 

H|- td|iJBj20i| o|Hj- ojS £| 0|| Cl-ot^j- o|g 

S-flg ^feoMI om } noil ofai- M^i 
^SrS ^ ftls^, £E», °!§ AHtHcHI o|*l 
A r #x r Tjg u^r $W, a aa| 

5 Mch tin ^ Sin, ^3 

6 A|^Ejlo||Ai£ §h ^ 51^ -n-H^ 

Configuration of Invention 
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(IRM, Identification Receiving Module); o^l 
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There is a problem that the process of being the grog gets 
accomplished of the input of password and user account and 
the security is weak. The user authentication system for the 
conventional UNIX server (102) like the or more manages the 
user account in each server. Therefore network is enlarged. It 
becomes difficult for the whole user account administration as 
user grows. 



An object of the present invention are to provide the user 
authentication interface system for the UNIX server it is 
created in order to improve problem as described above, and 
it adds the certificate server in the conventional user 
authentication system and it executives as proxy for all 
authentication procedures, and in that way while it like that 
maintains the conventional authentication system, it is able to 
make the authentication method which is various besides 
authentication by the user account and password possible, and 
it intensify the security according to that, and unifying the 
user account administration with moreover, the certificate 
server, and it can be more easy and managing the 
administration, and which it well can apply in the complicated, 
system. And method. 



It is comprised purpose as described above. And the present 
invention is to be equipped with the user authentication 
interface system which is installed as to the system 
authenticating the user for to connecting to the UNIX server 
between user and UNIX server and converts the identification 
information which user inputs into the UNIX format and 
transmits in the UNIX server, and sets up session between the 
UNIX server and user according to the authentification result 
determined in the UNIX server and performs the user 
authentication.The user authentication interface system for the 
UNIX server is characterized by including the administrator 
interface module (MIM, Manager Interface Module) among 
the identification transforming module (Identification 
Transforming Module): identification transport module (ISM, 
Identification Sending Module): authentication result process 
module (ARPM, Authentication Result Processing Module): 
authentication method administration module (AMMMM, 
Authentication Method Management Module): server 
configuration management module (SCMM, Server 
Configuration Management Module): managing the 
configuration of each UNIX server and authentication method 
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administration module, and server managing module manages 
the authentication method according to each user transmits the 
authenticated result from the UNIX server to user delivers the 
transformed identification as described above to the UNIX 
server converts the identification of account receive module 
(ARM, Account Receiving Module): identification receive 
module (IRM, Identification Receiving Module): the inputted 
user as described above into the UNIX format the 
identification of user is input the user account of user is input. 



Here, the conversion of the identification transforming 
module is the UNIX server the input information of various 
forms of user identifications is characterized that it converts 
into the UNIX format can recognize. Moreover, in the user 
authentication interface system, when session between server 
and UNIX are set up, session between the UNIX server and 
user are set up according to the authentication result of the 
UNIX server.Provided is the user authentication method for 
the UNIX server which if has the connection request as to the 
method for performing the user authentication by using the 
user authentication interface system installed between user 
and UNIX server according to other side of the present 
invention from user, user demand the UNIX user account 
from user in the user authentication interface system, and if 
the UNIX account is inputted from user, user input the UNIX 
account to the UNIX server in the user authentication 
interface system, and if user demand the password input 
corresponding to the user account in the UNIX server, user 
request the proof of identity to user in the user authentication 
interface system, and if identification is inputted from user, it 
converts the inputted identification as described above into 
the UNIX format in the user authentication interface system 
and inputs to the UNIX server, and it determines the use 
authentication analyzing the inputted identification as 
described above in the UNIX server and is registered and 
allows log-in according to the result. 



Hereinafter, is circumstantially illustrated. 
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Figure 2 is an internal structure diagram of the user 
authentication interface system for the UNIX server according 
to the present invention. 

Referring to Figure 2, the user authentication interface system 
(203) for UNIX server is comprised of the interface 
subsystem (204) and administrator subsystem (205). The 
administrator interface module (205c) of two modules of the 
authentication method administration module (205a): server 
configuration management module (205 b): managing the 
configuration of the UNIX server (202) and administrator 
subsystem (205) are prepared. Manages the authentication 
method according to each user (201) as the identification 
transforming module (204c): identification transport module 
(204d): delivering the transformed identification as described 
above to the UNIX server (202) and the authentication result 
process module (204e), transmitting the authenticated result 
from the UNIX server (202) to the user (201) and 
administrator subsystem (205), converts the identification of 
the account receive module (204a): identification receive 
module (204b): user (201) which the identification of the user 
(201) is input into the UNIX format the user account of the 
user (201) as the interface subsystem (204) is input. 



Here, the function of executiving as proxy for the user 
authentication between the UNIX server (202) and the 
interface subsystem (204) user (201) is performed. It assumes 
because the operating system of each UNIX server (202) is 
not identical. It assumes because of having the definition of 
name regulation of the account at the operating system , and 
the difference of the formation rule of password. These are 
managed in the administrator subsystem (205). Moreover, the 
number of user (201) and UNIX server (202) it is connected 
to the user authentication interface system (203) and 
communications network each UNIX server (202) has the 
user account which it independently manages does not limit. 



The process referring to figs. 3 and 4, of performing user 
authentication of the present invention the user authentication 
interface system having configuration as described above is 
circumstantially illustrated. 

Figure 3 is a schematic diagram of the user authorization 
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^(201) A^O|0|| 

^± AitH(202)O|| g.=L °J ft OH A|-gX|- 
^5 IfSt ^Sl^L ^, 4S*r(201)fc 

^.u^. AitH (202)o|| °J sp| £|*H Ah 
S*r ojg e|E|qo|^ A|^aj (2 03)°S 1 
^« 2Ssf2, n a^ °J§ e|E]n|o|^ 

A| ^1(203)^ -fePI Ah#X|-(201)S^Ei 

u i°2, ttH^: Ai^(202)2f Sd# 

[0034] 

Ap| A^Xh ojg ojE-jitllOl^ A|^ljo| S. 

[0035] { 

£ 4 » #S3 r S, 3*1 A^X|-(20iph fMi 
^ AH tH (202)0)1 °J op I A)-® 

X r °J§ o|E|ii(!0|^ A|>;aj(203)°S 

m as&cKBTi si), najs, a^xi- ojs 

ojE)Jti|0|^ A|^aj(203)-E A|-gX)(201)O||7)| 

ass xitH(202)2| 
S^a- 3d# a^ohcK^I S2). ztaim, Ah 

^x^oip) ttH^ ais oia# Ah#x) oi 

§ 2]e)5||o|^ A|^aj(202)°^ ?J3°r3(e 

H S3), Ah§Xh o|g ?iE\nO\± A|^Bj 

(203)€- Ah#xK2oiph * r 3fe 

^ A)bi(202)S S^sPI ^1°^ AfgX^ 7)1 
§# ttH^ *) ^(202)0)1 ei 

^thcK^I S4). 0| til), A-)tH(202)fe 

a^i a|-#xf 7)| §o)| sHS-ofe b|S £s# 
81 a* » a^&cKeai S5). o| oil Ah§ 
x) 2JS e!E|m|o|^ a|^H(203)-S 4§x r 
(201)O)|»| S6), 

S7). 



process by the user authentication interface system for the 
UNIX server according to the present invention. Figure 4 is a 
drawing showing each execution single step signal input 
output relation at the user authorization process by the user 
authentication interface system for the UNIX server. 



Referring to Figure 3, the user authentication inter pay for 
UNIX server 



The system (203) is positioned between the UNIX server 
(202) and user (201). The user (201) performs the user 
authorization process in the UNIX server (202) when being 
with log. That is, it respects in the UNIX server (202) to do 
with log-in and the user (201) requests connection as the user 
authentication interface system (203). If the user 
authentication interface system (203) receives the connection 
request from the user (201), the user authentication is 
performed while communicating with the UNIX server (202). 



:<Referring to Figure 4, the operation of the user authentication 
interface system is little more circumstantially illustrated. 



Referring to Figure 4, firstly, it respects in the UNIX server 
(202) to do with log-in and the user (201) asks for connection 
as the user authentication interface system (203) (step SI). 
And then, the user authentication interface system (203) 
requests to input the account of the UNIX server (202) asking 
for connection to the user (201) (step S2). And if the user 
(201) inputs the UNIX user account to the user authentication 
interface system (202), so that the user (201) connect as the 
UNIX server (202) to be with log, the user authentication 
interface system (203) inputs the user account to the 
corresponding to UNIX server (202) as described above (step 
S3) (step S4). At this time, the UNIX server (202) requests to 
input the password corresponding to the user account (step 
S5). Thus, the user authentication interface system (203) 
requests the proof of identity to the user (201) (step S6). The 
user (201) inputs identification (step S7). 
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[0036] 

op|AH 5 Ap| A^§xK20lp^ da SI 

H|SISSL* SI 3^ 

?^(smart cardH, X| ° ojai a|>; 

7H^S 75t iifecK 

[0037] 

■as, oistii Ajgxh(2oi)2i ssoi a|. 

§X|- ojg ojEjE||0|^i A|>;aj (203)°^ g| 
B45|S(EWI S7), o|S ojE)2i|0|^ 

A|^g| (203)o|| ah ^ oje^s c^oh Seh°| 
§SS ^-M— AH uj (202)o|| M °JAj^ 
^ SMI 3p| s|sN i D l°5 «j£h 

A|ZJc|-(t^| S8 ). n^\JL, a^x|- ai 

5! fFH^ AitH(202)O)| gJ^S^(& 

7|| S9), -S-H^ ah tH (202)0)1 ah oie^s A^ 

*[°\x\m e^shoi, -i^aioi 21= a^ 

SI S^oii °h*H SZL °J# Z\£Z[0i ojg 

S4» A^Xl- °l§ ojEHBilOl^ A|^D 
(203)HS £1-^(^1 S10). 

[0038] 

A^ ojg. A|vA.gJ(203)S, a 
340)1 QLl-e-h A^X|- (201)2|- ff 
AH^(202) *[0\B\ Ai|AjS 
711 Sll), ZL °J# 341- A^XK201)O||7)| 
a§92£*|(S7fl S12), A^X)- ojg# =t= 

[0039] 

0|S»| A^Xh o]§ ojE|n||0|^ A|^H 
(203)« A^X^201)£F tt±1± M*\ (202) Af 

o|o)| *ro\ a-E Sl# 4S# miSsMI °l 
# zfestfl sf2, M|H^|ao)|AH A^ 



ol 

/>A 



Effects of Invention 
[0040] 

0|^°| ^0|, ^ot^j- o|§ # 

!# 4S*r£r AitH a^ioii ^ch a. 



Here, the method in which the user (201) inputs identification 
can be the method for inputting the conventional password. 
The method in which the user (201) inputs identification 
additionally makes the smart card, or the fingerprint 
identification system, and the various method like the iris 
recognition system possible. It strengthens the security. 
Sinker has the open architecture so that sinker practice the 
new identification method of afterward. 



In the meantime, in this way, if the identification of the user 
(201) is inputted to the user authentication interface system 
(203), in order to recognize clearly various forms of 
identifications in the UNIX server (202), inputted to the user 
authentication interface system (203) (step S7) it changes to 
the UNIX format (step S8). And if the transformed user 
identification is inputted to the UNIX server (202) (step S9), 
the user information inputted to the UNIX server (202) is 
analyzed. The registered use authentication is determined. In 
case of being registered user log-in is allowed and the 
authentifi cation result is transmitted with the user 
authentication interface system (203) (step S10). 



In the meantime, according to the transmitted authentification 
result as described above, the user authentication system 
(203) sets up session between the UNIX server (202) and the 
user (201) (step Sll). Session transmit the authentification 
result to the user (201) (step SI 2). In that way it performs the 
user authentication. 



In this way, the user authentication interface system (203) is 
put between the user (201) and UNIX server (202) and all 
authentication procedures are executived as proxy for. The 
structure of being open-hearted is made have and the structure 
makes the various authentication method possible. Network 
manages the user account. In that way it can manage. More 
efficient. 



It has the user authentication interface system having the 
structure of being open-hearted of adding the method for 
performing the authentication of being various like 
description described in the above between user and UNIX 
server and all authentication procedures are executived as 



Machine translated in Korea by Korea Institute of Patent Information. Formatted in Tsukuba, Japan by Paterra, Inc. 



K2E-PAT Page 1 1 



911 



£]E)it||0|^ A|^B|0||Ai liSjoS 5+5.| Si" 



Claims 
Claim 1 



SI- 



AA 



Ap| A|gX^|- ArllH AhO|CH| ^*|SL| 

oi a^x|-o]| °|sn Aj£i SMS 

°UI^ a DJlo S g&3}0j A^7| ^-U^ AH 

Noll S^SR, &7\ ahuHoiiaH ti-Eh 

S °J§ S^oll n|-a|- £p| a^x^I- 

A^ A>0|S| Afl£* HQfW A^Aj ojg 
« *M9*fe A|-gA> ojg ojE|Jf||0|^ A|^ 

HI 
1=1 

Claim 2 

fll 1 &0|| JiOlAi, 



JE||0|^ A|^l)o^«Ei A]°j 

» et^m 3 a^o]| rx^ sis 

Shir 3d# fS£^ sfe a^* 

3h A^r ojg A|^a. 

Claim 3 

n i s-oii aiojAH, 



□ [•EE 7^ J|°.o|> 



proxy for. In that way the various authentication method is 
added. The security can be intensified according to that. 
Moreover, in network, the user authentication interface 
system manages the user account administration. In that way 
it is more easy. It has the advantage making the efficient user 
account administration possible. 



The system authenticating user that tries to connect to the 
UNIX server, said system authenticating user is comprised of 
the user authentication interface system which is installed 
between user and UNIX server and converts the identification 
information which user inputs into the UNIX format and 
transmits in the UNIX server, and sets up session between the 
UNIX server and user according to the authentification result 
determined in the UNIX server and performs the user 
authentication. 



The user authentication system for the UNIX server of claim 
1 , wherein the UNIX server analyzes the identification 
information transmitted from the user authentication interface 
system and it judges whether or not and the UNIX server is 
the authorized user it allows log-in according to the result. 



The user authentication system for the UNIX server of claim 
1 , wherein the identification information is one or more 
information among the password input, the smart card, the 
fingerprint recognition, the iris recognition. 



Ol Al ^ 
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Claim 4 

A\%X\9\ A-) bh) AhO|0|| *£*\5\°\ Af 



A^X^I 7||^ 0 |- 



= A| 



A^X^| Ajoj go^ o|BJdj.- Ajoj 



i D J|o^ S AJ^J §g S.||; 

oil £!S-ofe i!S i n J 



£*M?]| S^ofe oj§ Si; 

Z|Z|o| A^X r O|| IX r # oJ§ ^a|^ 
4r #B SBI S^; 

^ A^o| ? Aj # Sa|ofe A-jfcH ^ 



AH 



£PI tfB Sal AitH h 

#°| A fo|o]| ^a|x|- °!E|JI||0|^ it 

o|# o|Ejit||0|^ A|^BJ. 

Claim 5 

n 4&oii sioiAi, 



?l A^X^ oj§ £!E|JI||0|± A|^U0l|Ai g 



The user authentication interface system of the user 
authentication interface system which is installed between 
user and UNIX server and performs the user authorization 
process, wherein it is comprised between the identification 
transforming module: identification transport module: 
authentication result process module: authentication method 
administration module: server configuration management 
module: managing the configuration of each UNIX server and 
authentication method administration module, and server 
managing module including the administrator interface 
module manages the authentication method according to each 
user transmits the authenticated result from the UNIX server 
to user delivers the transformed identification as described 
above to the UNIX server converts the identification of 
account receive module: identification receive module: the 
inputted user as described above into the UNIX format the 
identification of user is input the user account of user is input. 



The user authentication interface system of claim 4, wherein 
the session according to the authentification result of the 
UNIX server is set up in the user authentication interface 
system. 
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Claim 6 



A^x r <^ -M^H a|o|o|| 4§ 

*r 2JS £1^21101^: A|^Hj# 0|§S r C*| A^ 
§*r tfsfe g>^0|| SiOjAi, 



The method for performing the user authentication by using 
the user authentication interface system that is installed 
between user and UNIX server, said method for performing 
the user authentication by using the user authentication 
interface system are comprised of the step that if has the 
connection request from user, demands the UNIX user 
account from user in the user authentication interface system, 
the step that if the UNIX account is inputted from user, inputs 
the UNIX account to the UNIX server in the user 
authentication interface system, the step that if demands the 
password input corresponding to the user account in the 
UNIX server, requests the proof of identity to user in the user 
authentication interface system, the step that if identification 
is inputted from user, it converts the inputted identification as 
described above into the UNIX format in the user 
authentication interface system and it inputs to the UNIX 
server, and the step determining the use authentication 
analyzing the inputted identification as described above in the 
UNIX server and is registered and allows log-in according to 
the result. 



S*r eJS °]E-)ii||0|^ Al^ENoHAi Ap| A| 

gx[o\\7\\ tt-H^ 313 o|## Er 

n-, 

S, £PI Af-&X|- olg ojEHfill 0|^ A|^10)| 
M &\ fi-H^ 313 « A-\ti\0\\ 
°J^sfe E[3I; 

#7 1 ttH^ AibH0i|Ai AV 7 | A ^XF 7)| §011 

ArS^r SIS °JEHS«0|^ A|^Hlol|Ai Ap| 
A r #XHH|7|| AJ§I £75fe EMI; 

A|#X|-^E| Ajoj sg 0 | °JE9£|Ei, 
Ap| A|gX|- o|g o|EjJii|0|^ Al^Ejjo)!^ 

S»»rO| ^7 1 ^t)^ AitHoll gl^Sfc & 

a^i Mm\M &\ eia*a § 

S# ^5fOj #SE| a^SX|. oJ X |m si-ch 
ol-a| 3 1 HI-CHI S.H°]# Eh 

31 
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Figure 3 
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